Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation vulnerability in the GNU C Library.
Tracked as CVE-2023-6246, this security flaw was found in glibc's vsyslog internal() function, called by the widely-used syslog and vsyslog functions for writing messages to the system message logger.
The bug is due to a heap-based buffer overflow weakness accidentally introduced in glibc 2.37 in August 2022 and later backported to glibc 2.36 when addressing a less severe vulnerability tracked as CVE-2022-39046.
While testing their findings, Qualys confirmed that Debian 12 and 13, Ubuntu 23.04 and 23.10, and Fedora 37 to 39 were all vulnerable to CVE-2023-6246 exploits, allowing any unprivileged user to escalate privileges to full root access on default installations.
While analyzing glibc for other potential security issues, the researchers also found three other vulnerabilities, two of them-harder to exploit- in the vsyslog internal() function and a third one in glibc's qsort function.
Over the past few years, researchers at Qualys have found several other Linux security vulnerabilities that can let attackers gain complete control over unpatched Linux systems, even in default configurations.
Vulnerabilities they discovered include a flaw in glibc's ld.
One in Polkit's pkexec component, another in the Kernel's filesystem layer, and in the Sudo Unix program.
Days after the Looney Tunables flaw was disclosed, proof-of-concept exploits were published online, and threat actors started exploiting it one month later to steal cloud service provider credentials in Kinsing malware attacks.
The Kinsing gang is known for deploying cryptocurrency mining malware on compromised cloud-based systems, including Kubernetes, Docker APIs, Redis, and Jenkins servers.
Exploits released for Linux flaw giving root on major distros.
New 'Looney Tunables' Linux bug gives root on major distros.
CISA orders federal agencies to patch Looney Tunables Linux bug.
CISA: Critical Microsoft SharePoint bug now actively exploited.
Cisco says critical Unity Connection bug lets attackers get root.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 30 Jan 2024 23:10:46 +0000